One of the most important things Juvonno users in the EU need to do to comply with GDPR is to Determine and DECLARE the legal basis on which they will process personal data.
Here are the exact words from the EU Information Commissioner:
Consent is appropriate if you can offer people real choice and control over how you use their data, and want to build their trust and engagement. But if you cannot offer a genuine choice, consent is not appropriate. If you would still process the personal data without consent, asking for consent is misleading and inherently unfair.
Most clinics using Juvonno can’t offer people real choice when it comes to collecting and processing health data because that data is deemed necessary for upholding standards of care and generating medical diagnoses. Most importantly, the collection, storage, and protection of data are regulated by local laws and regulating body by-laws & requirements. GDPR respects those laws, by-laws, and requirements and expects health care professionals to follow.
Instead of asking for consent to collect and process data, EU clinics using Juvonno are going to be documenting a Legal Basis for collecting and processing data - and then separately asking for other necessary consents (consent to treat, etc.).
Looking for the right words to document a Legal Basis for collecting and processing data? We’ve come up with a paragraph to get you started. Have a look at: GDPR Consent Language.
The direct links in this article send you to specific sections of EU ICO’s data protection guide. If you’d like to scroll through all the topics yourself: Guide to Data Protection.